Say you’re using FreeIPA (or perhaps you’ve generated your own CA) and you want to have your machines trust it. Well in Fedora you can run the following command against the CA file:
2 thoughts on “Trusting a self-generated CA system-wide on Fedora”
Hey Chris,
Thanks for this. I wouldn’t have found the p11-glue packages in Fedora (and RHEL/CentOS 7) had I not read this.
Out of interest, how did you come across this command?
All my searching for trusting root certificates (in Red Hat flavoured operating systems) seemed to indicate that the ‘update-ca-trust’ command, provided by the ‘Mozilla CA root certificate bundle’ package, was the only way.
After reading your blog I can see that the p11-glue packages were first added to Fedora in version 19.
Anyway I ask as, aside from one less step, I’m not sure what the benefit is of this over using ‘update-ca-trust’.
David
Hi David, I think I googled it when I was wanting to trust some certificates more widely on a few systems. I guess both commands work 🙂
2 thoughts on “Trusting a self-generated CA system-wide on Fedora”
Hey Chris,
Thanks for this. I wouldn’t have found the p11-glue packages in Fedora (and RHEL/CentOS 7) had I not read this.
Out of interest, how did you come across this command?
All my searching for trusting root certificates (in Red Hat flavoured operating systems) seemed to indicate that the ‘update-ca-trust’ command, provided by the ‘Mozilla CA root certificate bundle’ package, was the only way.
After reading your blog I can see that the p11-glue packages were first added to Fedora in version 19.
Anyway I ask as, aside from one less step, I’m not sure what the benefit is of this over using ‘update-ca-trust’.
David
Hi David, I think I googled it when I was wanting to trust some certificates more widely on a few systems. I guess both commands work 🙂